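<?php
/**
 * PHP Daycare
 * Admin-panel actions for workers: add, modify and delete.
 *
 * Loaded through loadAdmininfo('worker.php', ...) with the action chosen by
 * $_GET['mode'] ('add', 'modify', 'delete'). 'modify' has a sub-mode in
 * $_GET['mm']: 'v' lists workers (default), 'm' shows the edit form, 'u'
 * applies the update. Every branch is gated on loggedInAsAdmin() from
 * functions.php. $db and $temp come from the includes; $db->query() is
 * expected to return a mysql result resource (it is read with mysql_fetch_row).
 *
 * NOTE(review): all state changes (insert/update/delete) are triggered by a
 * plain GET with no request token, so a logged-in admin's browser can be made
 * to issue them from another site. The action URLs are all built in this file,
 * so a per-session token could be threaded through them -- TODO.
 *
 * @author Jason Butz
 * @version 0.0
 * @package PHPDaycare
 */
include_once('config.php');
include_once('functions.php');

// Read a $_GET parameter as a string, '' when absent (avoids undefined-index notices).
$param = function ($key) {
    return isset($_GET[$key]) ? (string) $_GET[$key] : '';
};

// Escape a value for HTML body text or a quoted attribute. ENT_QUOTES is needed
// because the forms below put values inside single-quoted value='...' attributes.
// NOTE(review): assumes the DB connection delivers UTF-8 -- confirm against config.php.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

// Normalise the administrator checkbox to 0/1. The forms below send 1/0; 'on'
// is accepted as well because a checkbox's .value is 'on' regardless of state,
// which is what the previous form markup sent.
$adminFlag = function ($value) {
    return ($value === '1' || $value === 'on') ? 1 : 0;
};

// Print the worker list table. $linkQuery is the query string prefix the
// per-row link sends (the worker ID is appended); $actionLabel is the column
// header and link text; $prompt is the sentence shown above the table.
$listWorkers = function ($prompt, $actionLabel, $linkQuery) use ($db, $temp, $h) {
    $r = $db->query("SELECT ID, name, username FROM worker");
    echo "
    <p>$prompt</p>
    <table cellspacing='1' class='tablesorter' width='500px'>
    <thead>
        <tr>
            <th class=\"{sorter: 'text'}\">Name</th>
            <th class=\"{sorter: 'text'}\">Username</th>
            <th class=\"{sorter: 'text'}\">$actionLabel</th>
        </tr>
    </thead>
    <tbody>";
    while ($r && ($row = mysql_fetch_row($r))) {
        // Name and username are user-supplied text; the ID is cast so the link
        // query only ever carries an integer.
        $id = (int) $row[0];
        echo "<tr>
                <td>" . $h($row[1]) . "</td>
                <td>" . $h($row[2]) . "</td>
                <td><a href= \"#\" onClick=\"loadAdmininfo('worker.php', '{$linkQuery}{$id}')\">$actionLabel</a></td>
            </tr>";
    }
    echo "</tbody></table>";
    $temp->tablePager();
    echo "<script type=\"text/javascript\">loadsorter()</script><p>&nbsp;</p>";
};

$mode = $param('mode');
session_start();
// Our user must be logged in & an admin to view things
if (loggedInAsAdmin() == 1) {
    switch ($mode) {
        case 'add':
            if (isset($_GET['i'])) {
                // We are inserting a new worker into the DB. Values are escaped for
                // SQL here only; $h() is applied at output time so the DB holds raw text.
                // NOTE(review): mysql_escape_string() ignores the connection charset.
                // mysql_real_escape_string() (or prepared statements) is the safe form
                // once the $db wrapper exposes its link.
                $rawName = $param('name');
                $name = mysql_escape_string($rawName);
                $address = mysql_escape_string($param('address'));
                $phone = mysql_escape_string($param('phone'));
                $info = mysql_escape_string($param('info'));
                $rawUser = $param('username');
                $user = mysql_escape_string($rawUser);
                $pass = $param('password');
                $pass2 = $param('password2');
                $isAdmin = $adminFlag($param('admin'));
                if ($rawUser === '' || $pass === '') {
                    // A worker without a username or password could never log in.
                    echo "<p>The user was not added. A username and a password are required.</p>";
                } elseif ($pass !== $pass2) {
                    // We have non-matching passwords. This means there was a typo.
                    echo "<p>The user was not added. The passwords did not match.</p>";
                } else {
                    // We need to check for duplicate usernames. Everything else can be duplicated for all we care
                    $r = $db->query("SELECT ID from worker WHERE username='$user';");
                    if ($r && mysql_fetch_row($r)) {
                        // We have results! This means there is a duplicate!
                        echo "<p>Error: The username entered is already in use. Please select something else.</p>";
                    } else {
                        // Passwords match, no duplicate usernames. We are all set!
                        // NOTE(review): MySQL's PASSWORD() is a weak, server-specific hash.
                        // The login check (presumably in functions.php) depends on it, so
                        // moving to password_hash() needs a coordinated change there.
                        $passSql = mysql_escape_string($pass);
                        $sql = "INSERT INTO `worker` 
                        (`name`, `address`, `phone`, `misc_info`, `username`, `password`, `administrator`) 
                        VALUES 
                        ('$name', '$address', '$phone', '$info', '$user', PASSWORD('$passSql'), '$isAdmin');";
                        $r = $db->query($sql);
                        if ($r) {
                            echo "<p>The new worker <i>" . $h($rawName) . "</i> was added successfully.</p>";
                        } else {
                            echo "<p>An unknown error occurred and the user was not added.</p>";
                        }
                    }
                }
            }
            // The admin value is sent as 1/0 from .checked; the checkbox's .value is
            // always 'on' and would not reflect whether the box is ticked.
            echo "<p>Please enter the new worker's information below.</p>";
            echo "<form name=\"addworker\">
            <p><label>Name:<br /><input type='text' name='name' size='25' tabindex='1'></label></p>
            <p><label>Address:<br /><textarea name='address' cols='45' rows='5' tabindex='2'></textarea></label></p>
            <p><label>Telephone:<br /><input type='text' name='phone' size='25' tabindex='2'></label></p>
            <p><label>Misc Info:<br /><textarea name='info' cols='45' rows='5' tabindex='3' onChange=\"outputtxt=newlinefix(document.addworker.info.value)\"></textarea></label></p>
            <script>outputtxt=document.addworker.info.value;</script>
            <p>Please enter the new worker's login info below. Check the box if you wish the worker to be able to access the administrator area.</p>
            <p><label>Username:<br /><input type='text' name='username' size='25' tabindex='4'></label></p>
            <p><label>Password:<br /><input type='password' name='password' size='25' tabindex='5'></label></p>
            <p><label>Password Again:<br /><input type='password' name='password2' size='25' tabindex='5'></label></p>
            <p><label>Administrator:<input type='checkbox' name='admin' tabindex='6'></label></p>
            <p><input type='button' tabindex='7' value='Add Worker' onClick=\"loadAdmininfo('worker.php', 'mode=add&i=1&name='+encodeURIComponent(document.addworker.name.value)+'&address='+encodeURIComponent(document.addworker.address.value)+'&phone='+encodeURIComponent(document.addworker.phone.value)+'&info='+encodeURIComponent(outputtxt)+'&username='+encodeURIComponent(document.addworker.username.value)+'&password='+encodeURIComponent(document.addworker.password.value)+'&password2='+encodeURIComponent(document.addworker.password2.value)+'&admin='+(document.addworker.admin.checked ? 1 : 0))\"/></p></form>";
            break;
        case 'modify':
            $mm = isset($_GET['mm']) ? $_GET['mm'] : 'v';
            switch ($mm) {
                case 'v': // Default action - view
                    $listWorkers(
                        'Please select the worker you wish to modify.',
                        'Modify',
                        'mode=modify&mm=m&id='
                    );
                    break;
                case 'm': // Modification page for user
                    // The integer cast is what keeps the unquoted ID safe in the SQL below.
                    $id = (int) $param('id');
                    $r = $db->query("SELECT name, address, phone, misc_info, administrator FROM worker WHERE ID=$id;");
                    $row = $r ? mysql_fetch_row($r) : false;
                    if (!$row) {
                        echo "<p>Error: No worker with that ID was found.</p>";
                        break;
                    }
                    // Escaped once here; each value lands inside a single-quoted attribute or a textarea.
                    $nameV = $h($row[0]);
                    $addressV = $h($row[1]);
                    $phoneV = $h($row[2]);
                    $infoV = $h($row[3]);
                    echo "<p>Please update the worker's information below as desired. If you wish to set a new password then do that below.
                    If you wish to leave the password the same leave the password fields blank.</p>";
                    echo "<form name=\"addworker\">
                    <p><label>Name:<br /><input type='text' name='name' size='25' tabindex='1' value='$nameV'></label></p>
                    <p><label>Address:<br /><textarea name='address' cols='45' rows='5' tabindex='2'>$addressV</textarea></label></p>
                    <p><label>Telephone:<br /><input type='text' name='phone' size='25' tabindex='2' value='$phoneV'></label></p>
                    <p><label>Misc Info:<br /><textarea name='info' cols='45' rows='5' tabindex='3' onChange=\"outputtxt=newlinefix(document.addworker.info.value)\">$infoV</textarea></label></p>
                    <script>outputtxt=document.addworker.info.value;</script>
                    <p>If you wish to change the worker's password you may do so below. Otherwise leave the boxes blank. Check the box if you wish the worker to be able to access the administrator area.</p>
                    <p><label>Password:<br /><input type='password' name='password' size='25' tabindex='5'></label></p>
                    <p><label>Password Again:<br /><input type='password' name='password2' size='25' tabindex='5'></label></p>";
                    // This allows us to check the administrator box only if needed.
                    $checked = ($row[4] == 1) ? ' checked' : '';
                    // As in the add form, the admin flag is sent from .checked, not .value.
                    echo "
                    <p><label>Administrator:<input type='checkbox' name='admin' tabindex='6'$checked></label></p>
                    <p><input type='button' tabindex='7' value='Update Worker' onClick=\"loadAdmininfo('worker.php', 'mode=modify&mm=u&id=$id&name='+encodeURIComponent(document.addworker.name.value)+'&address='+encodeURIComponent(document.addworker.address.value)+'&phone='+encodeURIComponent(document.addworker.phone.value)+'&info='+encodeURIComponent(outputtxt)+'&password='+encodeURIComponent(document.addworker.password.value)+'&password2='+encodeURIComponent(document.addworker.password2.value)+'&admin='+(document.addworker.admin.checked ? 1 : 0))\"/></p></form>";
                    break;
                case 'u': // Update the modifications
                    // We are updating a worker in the DB. The username is not editable here.
                    $id = (int) $param('id');
                    $rawName = $param('name');
                    $name = mysql_escape_string($rawName);
                    $address = mysql_escape_string($param('address'));
                    $phone = mysql_escape_string($param('phone'));
                    $info = mysql_escape_string($param('info'));
                    $pass = $param('password');
                    $pass2 = $param('password2');
                    $isAdmin = $adminFlag($param('admin'));
                    if ($pass !== '' && $pass !== $pass2) {
                        // We have non-matching passwords. This means there was a typo.
                        echo "<p>The user was not updated. The passwords did not match.</p>";
                    } else {
                        $set = "`name` = '$name', `address` = '$address', `phone` = '$phone', `misc_info` = '$info', `administrator` = '$isAdmin'";
                        if ($pass !== '') {
                            // A password was supplied, so it is changed too; an empty field leaves it alone.
                            $set .= ", `password` = PASSWORD('" . mysql_escape_string($pass) . "')";
                        }
                        $r = $db->query("UPDATE `worker` SET $set WHERE `ID` = '$id';");
                        if ($r) {
                            echo "<p>The worker <i>" . $h($rawName) . "</i> was modified successfully.</p>";
                        } else {
                            echo "<p>An unknown error occurred and the user was not updated.</p>";
                        }
                    }
                    break;
            }
            break;
        case 'delete':
            // We may be deleting a worker
            if (isset($_GET['id'])) {
                // Integer cast keeps the unquoted ID safe in both statements below.
                $id = (int) $param('id');
                // Lets let them know exactly who they are deleting.
                $r = $db->query("SELECT name FROM worker WHERE ID=$id");
                $row = $r ? mysql_fetch_row($r) : false;
                if (!$row) {
                    echo "<p>Error: No worker with that ID was found.</p>";
                } else {
                    $name = $h($row[0]);
                    // Now we delete
                    $r = $db->query("DELETE FROM worker WHERE ID=$id");
                    if ($r) {
                        echo "<p>The worker <i>$name</i> was deleted.</p>";
                    } else {
                        echo "<p>An error occurred. <i>$name</i> was not deleted.</p>";
                    }
                }
            }
            $listWorkers(
                'Please select the worker you wish to delete. This operation CAN NOT be undone.',
                'Delete',
                'mode=delete&id='
            );
            break;
    }
} else {
    // not logged in or not admin
    echo "<p>Error: You are not logged in, or are not an administrator. 
    Please log in as an administrator if you wish to access this area. 
    You may login <a href='index.php'>here</a>.</p>";
}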
